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DETAILED ACTION 

1 . This communication is in response to application filed on 5 April 2006, 
subsequently amended on 8 December 2008 due to restriction requirement. Claims 1- 
20 were originally presented and claims 1-5, 10-11 and 18-20 have been elected while 
claims 6-9 and 12-17 have been withdrawn. Claims 1-5, 10-11 and 18-20 are currently 
pending and are presented for examination on the merits. 

Election/Restrictions 

2. Claims 6-9 and 1 2-1 7 are withdrawn from further consideration pursuant to 37 
CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable 
generic or linking claim. Election was made without traverse in the reply filed on 8 
December 2008. 

Priority 

3. Receipt is acknowledged of papers submitted 5 April 2006 under 35 U.S.C. 
1 19(a)-(d), which papers have been placed of record in the file. 

Examiner's Comment 

4. The document TPM Main Part 1 Design Principles, published 2 October 2003 
contains the instructions necessary to execute the functionality of the Trusted Platform 
Module as specified in version 1 .2. Further explanation of the TPM functionality is 
found in the document "TPM v1 .2 Specification Changes" that was also published in 
October 2003, however the exact date of publication cannot be determined. As the 
application filed at the European Patent Office 03405749.7 has a recorded filing date of 
17 October 2003, Examiner is placing reliance on the TPM Main Part 1 Design 
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Principles, Specification Version 1 .2 document as prior art. While it is highly probable 
that the disclosure listed in the Changes document was known and indeed was the 
basis for the migration from TPM v1 .1b to v1 .2, because the exact date is in question, 
Examiner is treating the Specification Changes document as evidence of inherent 
properties that existed within the TPM v1 .2 as described within the Design Principles 
document "There is no requirement that a person of ordinary skill in the art would have 
recognized the inherent disclosure at the time of invention, but only that the subject 
matter is in fact inherent in the prior art reference" Schering Corp. v. Geneva Pharm. 
Inc., 339 F.3d 1373, 1377, 67 USPQ2d 1664, 1668 (Fed. Cir. 2003) (rejecting the 
contention that inherent anticipation requires recognition by a person of ordinary skill in 
the art before the critical date and allowing expert testimony with respect to post-critical 
date clinical trials to show inherency); see also Toro Co. v. Deere & Co., 355 F.3d 
1313, 1320, 69 USPQ2d 1584, 1590 (Fed. Cir. 2004)("[T]he fact that a characteristic is 
a necessary feature or result of a prior-art embodiment (that is itself sufficiently 
described and enabled) is enough for inherent anticipation, even if that fact was 
unknown at the time of the prior invention."); Abbott Labs v. Geneva Pharms., Inc., 182 
F.3d 1315, 1319, 51 USPQ2d 1307, 1310 (Fed.Cir.1999) 

Claim Rejections - 35 USC §112 
5. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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6. Claims 1-5, 8-11 and 18 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

7. Claims 1 and 8 recite a method for maintaining privacy and recites "a user device 
having a security module with a privacy certification authority computers and a 
verification computer". As written the claim incorporates the privacy certification 
authority computers and a verification computer into the user device which is not in 
agreement with Applicant's disclosure or with the remainder of the claim. Paragraph 
0009 cites "transactions that are performed by a user device with a privacy certification 
authority and a verifier or verifying party, which typically is a verification computer". 
Other recitations with disclosure (0010-0012, 0014, 0021, 0028, 0031, 0038) refer to a 
privacy certification authority computer which would lead a person of ordinary skill to 
believe that the privacy certification authority is separate from the user device. Claims 

1 , 6, 8 and 12 also recite a "privacy certification authority computer" which appears 
separate from the user device, therefore the claim is indefinite. For purposes of claim 
examination the remainder of the claim will be used to interpret the user device as being 
separate from the privacy certification authority computers and a verification computer. 
Clarification is required. 

8. Claims 1 and 6 recite "checking the validity of the ... attestation values with the 
public key of the issuer". It is not clear from the claim what device is performing the 
method step of checking the signature value and what device has performed the 
signature. As it is typical to check a signature value using the public key of the signing 
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party, not the receiving party it is not clear if the user device is checking a signature 
issued by the issuer or if the issuer is using a practice that would be deemed atypical by 
a person of ordinary skill in the art. Clarification is required. For purposes of claim 
examination this will be interpreted as the issuer checking the validity of the signature- 
attestation values with the public key of the user device. 

9. Claims 2 recites a first value "derived from a base value" and a second value 
"that is derived from said base value". The phrase "derived from" renders the claim 
indefinite because it is unclear whether the limitations following the phrase are part of 
the claimed invention. See MPEP § 2173.05(d). 

1 0. Claim 3 recites "first and second attestation values that are derived from at least 
one common value". The phrase "derived from" renders the claim indefinite because it 
is unclear whether the limitations following the phrase are part of the claimed invention. 
See MPEP § 2173.05(d). 

1 1 . Claim 5 also recites "derived from" and is therefore also indefinite. 

12. Claim 18 also recites "derived from" and is therefore also indefinite. 

1 3. Claims 2-5, 1 0-1 1 and 1 8 are also rejected as being dependent upon claim 1 . 

14. Claim 9 is also rejected as being dependent upon claim 8. 

Claim Rejections - 35 USC § 102 

1 5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(f) he did not himself invent the subject matter sought to be patented. 
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16. Claims 1-5, 10-11 and 18-20 are rejected under 35 U.S.C. 102(f) because the 
applicant did not invent the claimed subject matter. 

1 7. Examiner cites Paper "Direct Anonymous Attestation", (Direct Anonymous 
Attestation, CCS '04, October 25-29, 2004, 14 pages) presented by Brickell, Camenisch 
and Chen on page 5 "The basic idea underlying the direct anonymous attestation 
scheme is similar to the one of the Camenisch-Lysyanskaya anonymous credential 
system. A trusted hardware module (TPM) chooses a secret "message" f, obtains a 
Camenisch-Lysyanskaya (CL) signature...". Paper "A Signature Scheme with Efficient 
Protocols" (A Signature Scheme with Efficient Protocols", Camenisch and Lysyanskaya, 
date shown by file properties as 10/1 1/2002, 22 pages) discusses at length signatures 
employing zero-knowledge proofs such as the one disclosed in the present invention. 
Lysyanskaya further recites in phd_1_ (Signature Schemes and Applications to 
Cryptographic Protocol Design, thesis paper, Massachusetts Institute of Technology, 
September 2002, 134 pages) on page 5 "The work I did jointly with Jan makes up a 
substantial part of my research experience, and part of this thesis is based on it" would 
lead a person of ordinary skill in the art to the conclusion that Camenisch did not 
independently invent the claimed invention but instead worked jointly with Lysyanskaya, 
therefore the inventive entity as claimed is not accurate. 

Claim Rejections - 35 USC § 103 

18. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

19. Claims 1-5, 10-11 and 18-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over TPM Main Part 1 Design Principles (TPM Main Part 1 Design 
Principles, Specification Version 1.2, Revision 62, 2 October 2003, 161 pages, 
Trusted Computing Group, hereinafter referred to as TPM) in view of TPM v1.2 
Specification Changes (TPM v1.2 Specification Changes, A summary of changes 
with respect to the v1.1b TPM Specification, October 2003, Trusted Computing 
Group, 14 pages, hereinafter referred to as Changes). 

20. As per claim 1 a method for maintaining privacy for transactions comprising 
employing a user device having a security module with a privacy certification authority 
computers and a verification computer, the verification computer having obtained public 
keys from the privacy certification authority computer and from an issuer that provides 
attestation of the security module, the method further comprising the steps of: 

TPM discloses receiving a first set of attestation-signature values (9.3, 31 , 31 .1 , 

31.2, 31.3, 31.3.1, 31.3,2) 

TPM discloses the first set of attestation-signature values being generated by the 
user device using first attestation values obtained from the issuer (9.3, 31 , 31 .1 , 31 .2, 

31.3, 31.3.1, 31.3,2) 

TPM discloses checking the validity of the first set of attestation-signature values 
with the public key of the user device (31 , 31 .1 , 31 .2, 31 .3, 31 .3.1 , 31 .3.2) and Digital 
Signatures (29.2). 
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TPM does not explicitly disclose receiving a second set of attestation-signature 
values, however TPM teaches receiving attestation values (9.3, 31 , 31 .1 , 31 .2, 31 .3, 
31 .3.1 , 31 .3,2, specifically 31 .2 and 31 .3.3), Digital Signatures (29.2) and Changes 
teaches the use of these by verifiers (page 3, Motivation for V1 .2, page 5, Variable 
Anonymity and page 7, Named Base Solution), therefore a predictable result (KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would have 
been to use a second set of attestation values for the purpose of establishing a system 
of trust with third parties. 

and TPM does not explicitly disclose the second set of attestation-signature 
values being generated by the user device using second attestation values obtained 
from the privacy certification authority computer however TPM teaches receiving 
attestation values (4, 9.1 , 9.3, 9.4, 31 , 31 .1 , 31 .2, 31 .3, 31 .3.1 , 31 .3,2, specifically 4, 
9.1 , 9.4, 31 .2 and 31 .3.3), Digital Signatures (29.2) and Changes teaches the use of 
these by verifiers (page 3, Motivation for V1 .2, page 5, Variable Anonymity, Page 6, 
Trust Considerations and page 7, Named Base Solution) therefore a predictable result 
(KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would 
have been to use a second set of attestation values generated by the user device for 
the purpose of establishing a system of trust with third parties. 

TPM does not explicitly disclose checking the validity of the second set of 
attestation-signature values with the public key of the privacy certification authority 
computer however TPM teaches checking validity with the public key (9.3, 31 , 31 .1 , 
31 .2, 31 .3, 31 .3.1 , 31 .3,2, specifically 4,9.1 , 9.4 and 31 .1 ), Digital Signatures (29.2) and 
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Changes teaches the use of these by verifiers (page 3, Motivation for V1 .2, page 4-5, 
DAA Overview and page 7, Named Base Solution), therefore a predictable result (KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would have 
been to use the public key of the privacy certification authority for the purpose of 
establishing a system of trust with third parties. 

and TPM does not explicitly disclose verifying whether or not the first and second 
sets of attestation-signature values relate to the user device. TPM teaches verifying 
whether or not the first and second sets of attestation values relate to the user device 
(4, 9.1 , 9.3, 9.4, 31 , 31 .1 , 31 .2, 31 .3, 31 .3.1 , 31 .3,2), Digital Signatures (29.2), see also 
Changes (page 3, Motivation for V1 .2, 4-5, DAA Overview, therefore a predictable result 
(KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would 
have been to verify that the attestation values came from the user device for the 
purpose of establishing a system of trust with third parties. 

21 . As per claim 2 the method according to claim 1 , wherein the step of verifying 
comprises the step of: 

TPM does not explicitly disclose verifying that a first value is derived from a base 
value, comprised in the first set of attestation-signature values, and identical to a 
second value that is derived from said base value and is comprised in the second set of 
attestation-signature values 1 , however TPM teaches endorsement keys to verify a first 
set of values (3), a second set of keys to verify a second set of values (4), a base value, 
(31 .3.2, 31 .3.3), Digital Signatures (29.2), (see also Changes (page 3, Motivation for 
V1 .2, 4-5, DAA Overview, Variable Anonymity and 6, Name Based Solution, therefore a 
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predictable result (KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) 
of TPM would have been to use a second set of attestation values for the purpose of 
establishing a system of trust with third parties. 

22. As per claim 3 the method according to claim 1 , wherein the step of verifying 
comprises the step of: 

TPM does not explicitly disclose verifying a proof that the first and second 
attestation-signature values are based on the first and second attestation values that 
are derived from at least one common value 2, however TPM teaches endorsement 
keys to verify a first set of values (3), a second set of keys to verify a second set of 
values (4), a base value, (31 .3.2, 31 .3.3), Digital Signatures (29.2), and verifying (31 .1 , 
31 .2) (see also Changes (page 3, Motivation for V1.2, 4-5, DAA Overview, Variable 
Anonymity and 6, Name Based Solution). Therefore a predictable result {KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would have 
been obvious to use a second set of attestation values for the purpose of establishing a 
system of trust with third parties. 

23. As per claim 4 the method according to claim 2, TPM does not explicitly disclose 
wherein the base value is different each time the method is applied, however this is 
non-functional descriptive material "Where the printed matter is not functionally related 
to the substrate, the printed matter will not distinguish the invention from the prior art in 
terms of patentability .... [T]he critical question is whether there exists any new and 
unobvious functional relationship between the printed matter and the substrate" In re 
Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re 
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Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2106.01 II. However, TPM teaches 
endorsement keys to verify a first set of values (3), a second set of keys to verify a 
second set of values (4), a base value, (31.3.2, 31.3.3), Digital Signatures (29.2), and 
verifying (31 .1 , 31 .2) (see also Changes (page 3, Motivation for V1 .2, 4-5, DAA 
Overview, Variable Anonymity and 6, Name Based Solution). Therefore a predictable 
result (KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM 
would have to change the base value for the purpose of preventing intruder attacks. 
24. As per claim 5 the method according to claim 3, TPM does not explicitly disclose 
wherein the common value is derived from an endorsement key that is related to the 
security module, however this is non-functional descriptive material "Where the printed 
matter is not functionally related to the substrate, the printed matter will not distinguish 
the invention from the prior art in terms of patentability .... [T]he critical question is 
whether there exists any new and unobvious functional relationship between the printed 
matter and the substrate" In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 
USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 
21 06.01 II. However TPM teaches all the base values that form the key (31 .3.2, 
31 .3.3) TPM teaches all the functions that can be used to derive a key (2.2.2, 2.2.2.1 , 
2.2.2.2, 2.2.3, 2.2.3., 2.2.3.2, 2.2.4, 2.2.5, 2.2.6, 3, 4), see also Changes (page 6, 
Named-Based Solution), therefore a predictable result (KSR International Co. v. 
Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would have been to derive an 
endorsement key that is related to the security module for the purpose of establishing 
an environment of trust. 
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25. As per claim 10 TPM discloses a computer program element comprising program 
code means for performing the method of claim 1 when said program is run on a 
computer (2.2.9). 

26. As per claim 1 1 TPM discloses a computer program product stored on a 
computer usable medium, comprising computer readable program means for causing a 
computer to perform the method according to claim 1 (2.2, 2.2.8, 2.2.10, 26). 

27. As per claim 18 The method according to claim 1 

TPM does not explicitly disclose verifying that a first value is derived from a base 
value, comprised in the first set of attestation-signature values, and identical to a 
second value that is derived from said base value and is comprised in the second set of 
attestation-signature values 1 , however TPM teaches endorsement keys to verify a first 
set of values (3), a second set of keys to verify a second set of values (4), a base value, 
(31 .3.2, 31 .3.3), Digital Signatures (29.2), (see also Changes (page 3, Motivation for 
V1 .2, 4-5, DAA Overview, Variable Anonymity and 6, Name Based Solution), Therefore 
a predictable (KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of 
TPM would have been to verify an identical value as part of building trust. 

TPM does not explicitly disclose verifying a proof that the first and second 
attestation-signature values are based on the first and second attestation values that 
are derived from at least one common value 2, however TPM teaches endorsement 
keys to verify a first set of values (3), a second set of keys to verify a second set of 
values (4), a base value, (31 .3.2, 31 .3.3), Digital Signatures (29.2), and verifying (31 .1 , 
31 .2) (see also Changes (page 3, Motivation for V1.2, 4-5, DAA Overview, Variable 
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Anonymity and 6, Name Based Solution), Therefore a predictable result (KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would have 
been to verify that the values are derived from a common value as part of building a 
relation of trust. 

TPM does not explicitly disclose wherein the base value is different each time the 
method is applied, however this is non-functional descriptive material "Where the 
printed matter is not functionally related to the substrate, the printed matter will not 
distinguish the invention from the prior art in terms of patentability .... [T]he critical 
question is whether there exists any new and unobvious functional relationship between 
the printed matter and the substrate" In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re 
Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); 
MPEP 2106.01 II. However, TPM teaches endorsement keys to verify a first set of 
values (3), a second set of keys to verify a second set of values (4), a base value, 
(31 .3.2, 31 .3.3), Digital Signatures (29.2), and verifying (31 .1 , 31 .2) (see also Changes 
(page 3, Motivation for V1 .2, 4-5, DAA Overview, Variable Anonymity and 6, Name 
Based Solution), Therefore a predictable result {KSR International Co. v. Teleflex Inc., 
82 USPQ2d 1385 (U.S. 2007)) of TPM would have been to use different values to 
prevent attacks. 

TPM does not explicitly disclose wherein the common value is derived from an 
endorsement key that is related to the security module, however this is non-functional 
descriptive material "Where the printed matter is not functionally related to the 
substrate, the printed matter will not distinguish the invention from the prior art in terms 
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of patentability .... [T]he critical question is whether there exists any new and unobvious 
functional relationship between the printed matter and the substrate" In re Gulack, 217 
USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 
USPQ2d 1031 (Fed. Cir. 1994); MPEP 2106.01 II. However TPM teaches all the base 
values that form the key (31 .3.2, 31 .3.3) TPM teaches all the functions that can be used 
to derive a key (2.2.2, 2.2.2.1, 2.2.2.2, 2.2.3, 2.2.3., 2.2.3.2, 2.2.4, 2.2.5, 2.2.6, 3, 4), 
see also Changes (page 6, Named-Based Solution), Therefore a predictable result 
(KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) of TPM would 
have been to derive the common value from the endorsement key as part of building a 
relation of trust. 

28. As per claim 1 9 TPM discloses an article of manufacture comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing maintenance of privacy for transactions, the computer readable program code 
means in said article of manufacture comprising computer readable program code 
means for causing a computer to effect the steps of claim 18 (2.2, 2.2.8, 2.2.10, 26). 

29. As per claim 20 TPM discloses a program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps for maintaining privacy for transactions, said method steps comprising the 
steps of claim 18 (2.2, 2.2.8, 2.2.10, 26). 

Please note : 

Examiner has pointed out particular references contained in the prior arts of 
record in the body of this action for the convenience of the applicant. Although the 
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specified citations are representative of the teachings of the art and are applied to the 
specific limitations within the individual claim, other passages and figures may apply as 
well. It is respectfully requested from the applicant, in preparing the response, to 
consider fully the entire references as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior arts or disclosed 
by the examiner. 

A recitation of the intended use of the claimed invention must result in a 
structural difference between the claimed invention and the prior art in order to 
patentably distinguish the claimed invention from the prior art. If the prior art structure is 
capable of performing the intended use, then it meets the claim. 

Applicant(s) are reminded that optional or conditional elements do not narrow the 
claims because they can always be omitted. See e.g. MPEP §2106 II C: "Language 
that suggest or makes optional but does not require steps to be performed or does not 
limit a claim to a particular structure does not limit the scope of a claim or claim 
limitation. [Emphasis in original.]"; and In re Johnston, 435 F.3d 1381, 77 USPQ2d 
1788, 1790 (Fed. Cir. 2006) ("As a matter of linguistic precision, optional elements do 
not narrow the claim because they can always be omitted."). 
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Conclusion 
Pertinent Art not Cited 

30. Silverbrook, et al., U.S. Patent 6,442,525. 

31 . Shamir, et al., U.S. Patent 4,748,668. 

Inquiries Concerning this Communication 
Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JAMES NIGH whose telephone number is (571 )270- 
5486. The examiner can normally be reached on Monday-Thursday 6:45-5:15. 
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